
Hive-mind of apps secures cyber resiliency

Synergies will be the most important advance in corporate cyber security in our near future.

By Tallen Harmsen, Head of cyber security at IndigoCube.
Johannesburg, 02 Nov 2018

Lack of synergy between applications means those businesses trying to get a single pane of glass into their security environments achieve little. They typically get plain old information-sharing. What they really need to do is mature their security posture.

This will help them to go beyond managing their security applications through a single tool, unified console, or dashboard that integrates information from a variety of sources throughout their environment.

They'll also get synergies. By that I mean the interaction and cooperation of all the elements in their environment, collaborating toward a common goal to secure the environment, building one upon another, double-checking one another and learning from one another.

Artificial intelligence (AI) provides the analytics and learning capabilities needed to achieve it. It gives administrators, and the applications under their care, a constant feedback loop that strengthens every system assimilated into the environment, ultimately creating a hive-mind of near-impenetrable systems.

The ultimate goal is exceptional cyber resiliency.

Resiliency emerges from cohesion: everything working together, to the point where security systems can pre-empt events rather than wait for input from administrators or from nefarious elements, taking mitigating steps before problems arise.


This cohesion implies a back and forth. Most systems today have an element of analytics and intelligence built into them so if we can unite them we can detect events far earlier in their lifecycles.

Detecting from multiple sources means we can more accurately and quickly identify false positives since one system can query another for a probability. Being able to do that means we can lock down what must be locked down when someone or their bot is sniffing around. Or we can stop malware propagation across the network and devices before it gets much past ground zero.

We can lock down access to sources outside the network, or inside if it's the work of an agent provocateur. We can also begin tracking the source, identifying the culprit, and gathering data for actionable law enforcement.

One system on its own is incapable of that kind of rapid, accurate, intelligent action today. A firewall, for example, can reasonably be expected to check every packet coming in or leaving, but it may be no good at preventing the propagation of malware once a user has activated it from an innocuous-looking attachment. A system administrator can later trace the source of the infected attachment and block further mail from those domains and IP addresses, but by then it may be too late.

Working together, a firewall, anti-virus, and malware and spam blocker can intelligently perform all of those activities in the blink of an eye.

Initial stimulation from human administrators and perhaps some pre-installation, lab-based intelligence, coupled with best practice, can get the ball rolling but a smart AI will learn as it encounters new threats, constantly staying at the forefront of mitigations.

That capability, distributed among the applications in the security environment, becomes a cohesive hive of agents acting increasingly intelligently and in unison, one that can elastically absorb new systems attached to the network and eject old ones on an ongoing basis.

Rather than collaborate or orchestrate, we can have the systems themselves learning, updating one another, and relying on one another for checks and balances. The human element remains important both to develop the baseline responses as well as to retain overall control.

These synergies will mature an organisation's security stance, deriving a level of resiliency unprecedented today. Synergies will be the most important advance in cyber security in our near future.

But that future is not yet probable. Proprietary solutions kill the ability to achieve this outcome. Alliances and partnerships, many of which are taking place, are great for the industry and customers who will use the solutions.

The issue is not integration. It is sharing information, beyond the analytics already shared with security information and event management (SIEM) systems. We need sharing of mitigation capabilities, of event information, of which actions have occurred and which actions applications have taken, and of probabilities; and it has to happen between applications, not through the hub-and-spoke process used for feeding SIEMs.
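The two ideas above, one system querying another for a probability so that false positives can be recognised before anything is locked down (the firewall, anti-virus and mail-filter scenario), and applications pushing event, action and probability information directly to one another rather than through a SIEM hub, can be sketched in a few dozen lines. The following is an added example written for this page, not code from the article or from IndigoCube; the tool names, the attachment identifiers, the prior and every probability are constructed, and the combination rule (treating each tool's estimate as an independent posterior over a shared base rate and summing in log-odds space) is one reasonable choice, not something the article prescribes.

```python
"""
Added example (not code from the article or from IndigoCube): a toy model of
security applications that share evidence with each other as peers and combine
it before acting. Tool names, indicators and probabilities are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from math import exp, log


def logit(p: float) -> float:
    return log(p / (1.0 - p))


def sigmoid(x: float) -> float:
    return 1.0 / (1.0 + exp(-x))


@dataclass(frozen=True)
class Evidence:
    source: str          # which application produced it
    indicator: str       # what it is about (constructed, e.g. an attachment id)
    p_malicious: float   # that application's own probability estimate
    action: str          # what the application has already done about it


class Agent:
    """One security application. Evidence is pushed directly to peers, no hub."""

    def __init__(self, name: str, prior: float = 0.05) -> None:
        self.name = name
        self.prior = prior  # shared base rate assumed by all agents (constructed)
        self.peers: list[Agent] = []
        # indicator -> source -> evidence; own evidence and peers' evidence alike
        self.evidence: dict[str, dict[str, Evidence]] = {}
        self.actions: list[str] = []

    def link(self, other: Agent) -> None:
        self.peers.append(other)
        other.peers.append(self)

    def receive(self, ev: Evidence) -> None:
        self.evidence.setdefault(ev.indicator, {})[ev.source] = ev

    def report(self, indicator: str, p_malicious: float, action: str = "observed") -> Evidence:
        """Record own evidence and share it with every peer immediately."""
        ev = Evidence(self.name, indicator, p_malicious, action)
        self.receive(ev)
        for peer in self.peers:
            peer.receive(ev)
        return ev

    def probability(self, indicator: str) -> float:
        """Combine every source's estimate as independent posteriors over the
        common prior (naive-Bayes style combination in log-odds space).
        With a single source this returns that source's own estimate."""
        sources = self.evidence.get(indicator, {})
        if not sources:
            return self.prior
        base = logit(self.prior)
        total = base + sum(logit(ev.p_malicious) - base for ev in sources.values())
        return sigmoid(total)

    def decide(self, indicator: str, threshold: float = 0.9) -> str:
        """Act only when corroborated evidence clears the threshold."""
        verdict = "block" if self.probability(indicator) >= threshold else "hold"
        self.actions.append(f"{verdict}:{indicator}")
        return verdict


def build_environment() -> dict[str, Agent]:
    """Constructed environment: three tools linked as peers of one another."""
    fw, av, mail = Agent("firewall"), Agent("antivirus"), Agent("mail-filter")
    fw.link(av)
    fw.link(mail)
    av.link(mail)
    return {"firewall": fw, "antivirus": av, "mail-filter": mail}


def corroborated_scenario() -> tuple[float, str]:
    """Three weak signals about one attachment; none alone clears 0.9, together they do."""
    env = build_environment()
    env["mail-filter"].report("attach-7f3a", 0.60, "flagged sender domain")
    env["antivirus"].report("attach-7f3a", 0.70, "heuristic match")
    env["firewall"].report("attach-7f3a", 0.65, "outbound connection after open")
    fw = env["firewall"]
    return fw.probability("attach-7f3a"), fw.decide("attach-7f3a")


def false_positive_scenario() -> tuple[float, str]:
    """The mail filter is suspicious, but the antivirus has scanned the file clean,
    so the firewall's combined estimate drops and nothing is locked down."""
    env = build_environment()
    env["mail-filter"].report("attach-9c21", 0.60, "flagged sender domain")
    env["antivirus"].report("attach-9c21", 0.02, "scanned clean")
    fw = env["firewall"]
    return fw.probability("attach-9c21"), fw.decide("attach-9c21")


if __name__ == "__main__":
    print("corroborated:", corroborated_scenario())
    print("false positive:", false_positive_scenario())
```

The point of the two scenarios is the one the article makes: each tool on its own sits below the action threshold, so a single-source decision would either miss the corroborated attachment or block the benign one, while a peer that can ask the others for their probability arrives at the right verdict in both cases. Every `report` call also leaves an `action` string behind, which is the "what actions applications have taken" information the text asks vendors to share.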

The only way to get this to work is to get vendor buy-in based on a standard for open collaboration. Networking is headed this way with software-defined networking, and now we need to get security there.
